Slashdot videos: Now with more Slashdot!

View

Discuss

Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

Orome1 writes "The well-known whitehat hacker and security researcher who goes by the handle Moxie Marlinspike has recently experienced firsthand the electronic device search that travelers are sometimes submitted to by border agents when entering the country. He was returning from the Dominican Republic by plane, and when he landed at JFK airport, he was greeted by two US Customs officials and taken to a detention room where they kept him for almost five hours, took his laptop and two cell phones and asked for the passwords needed to access the encrypted material on them."

I'm still not sure how this doesn't violate the Fourth Amendment. Customs has the right to view your belongings for *safety* reasons, and to ensure that the items you are carrying are not contraband. Does code constitute contraband now? Can you be arrested for having code on your machine? I'm not talking about copyrighted, installed programs.... if something is encrypted, isn't that the same as having a secret in your mind? You know they dumped his drive, but the main question is whether they're allowed to. Isn't that stealing from the passenger then?

So it would seem that they are only left with us traveling by car. Although I hear that they have vans with the scanners in them and are going to use them at the borders to scan cars without people getting out them. Here is the company that is selling them.http://www.as-e.com/ [as-e.com]

So it only a matter of time before the TSA is everywhere scanning everyone at the rate they are going.

The constitution only protects against "unreasonable" search an seizures, with unreasonable being up to the interpretation of the courts. Border searches have long had a broader definition of reasonable (since the very first session of congress), and are not limited to safety and contraband. FindLaw has additional commentary [findlaw.com] on the issue.

I'm still not giving up my passwords on fifth amendment grounds even if I have nothing to hide. In fact I've told a TSA goon exactly that when they asked me to login to my laptop at a screening checkpoint. They could see it wasn't a bomb from the xray and by me powering it up, the only thing that logging in could have possibly done is get me into trouble for the contents of my machine.

"They could see it wasn't a bomb from the xray and by me powering it up, "

Think it's annoying now, wait until some enterprising Jihadist figures out that the only barrier to making explosives that look like battery cells under x-ray inspection is bit of trial and error and some machine shop time to fab the tooling for fake cells. You don't need all the cells to power up a notebook for testing.

The constitution only protects against "unreasonable" search an seizures, with unreasonable being up to the interpretation of the courts.

No, the constitution protects against unreasonable searches and seizures, and then it specifically defines what that means: "no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

The idea that the definition of unreasonable in this context isn't clear and present is a myth that is instantly dispelled if you simply read the 4th amendment. It's right there, plain as day.

Warrants have never been required for border searches, and it was never the original intent of the founding fathers for that to occur.

Border searches are not authorized by the constitution, they were an imposition of the 1st congress in 1789, an illegal end-run around article V, which dates from 1787. Consequently it doesn't matter one bit what the "standards" are for them. Until article V is used to make them an authorized power, they're an usurped, illegal procedure.

The definition is unreasonable is based far more on common law interpretation than you presume.

The constitution overrides and obsoletes common law; that's what it is there for, to reset the line and provide a new starting point because the previous situation was out of hand.

It provides a list of authorized powers, from which the federal government may make certain very limited types of laws.

As of 1791, it also provided a list of forbidden areas, into which the federal government may not go, and as it happens, that includes forbidding warrentless searches everywhere in the domain of the federal authority, because the restriction makes no kind of exception for any locale. So not only are warrentless searches illegal by virtue of not being an authorized power, the same people who made the law (quite sensibly) ruled them out just a few years later.

I'm not saying the feds shouldn't have such a border power based on any objection I might have with the idea of searching incoming foreigners; I'm saying it's unauthorized, and short of article V, there's no other way around that.

WRT common law, citing pre-existing English (or French, if you're from Louisiana) law is typical judicial dancing on the head of a pin, smelling its own farts. This isn't England (or France.) The whole point was to strike English law from our domain. To any extent that wasn't done, my take is that it's constitutionally invalid. I'm open to other arguments, but I've yet to encounter one that trumps the constitutional one. If the constitution wasn't put here to reboot the law, as it were, then what is it for? We already had English law for just about anything you can imagine, after all.

I should point out, though I would hope it is obvious, that I am well aware that the courts don't agree with what I am saying here; my response to that is that (a) that's my point, and (b) they are in violation of their oaths which say they will support the constitution, not old English common law, and (c) in point of fact, the constitution doesn't award them the power to disagree when something is outright forbidden, as warrentless searches and seizures are, and (d) the constitution doesn't award them the power to cobble up laws that stand outside the list of authorized powers, and (e) it isn't that I have any expectation that the government will do the right thing at this juncture, I am simply interested in the public learning what the right thing is.

Final point: The constitution is the authorizing document for a brand new government that in no way is "of England." Not for some specific derivative, or modification, of England's government. The constitution describes what this new government can do, and what it can't. Nowhere in the constitution does it say that the new government may incorporate English law, common or otherwise. Since that's not an enumerated or otherwise authorized power, in order to get such a power, article V must be pursued successfully, and as they did not do that, English common law is not valid American law. Ergo, the judiciary is breaking its oath, and much of the law is unauthorized.

The encrypted material might have contained something hazardous like a Uwe Boll movie. The risk of one of those being released to the public far outweighs any privacy or Constitutional concerns. Memories of House of the Dead and Bloodrayne still make me wake up in a cold sweat. Just imagine one that was considered unreleasable. Terrorist can kill thousands but a Uwe Boll movie can injure millions, or at least the hundreds that actually see them.

Problem is it is going to have to get tested in courts, mostly likely the supreme court, and that takes time. Searches at the border themselves are completely legal. That has been established long ago. You have no expectation of privacy there, and the government has a right, and duty, to secure its borders. However the idea behind this was searching for contraband more or less. A regular search. The whole "copying your entire harddrive" or "taking your computer and not giving it back for months" is not some

There's a 4th amendment exception around airports and borders.. they can search you for *no reason*. If you don't think that is fair, you're not the only one.

Work in law enforcement, national security, or for a politician? Want someone you want searched but can't get the probable cause for a warrant? No worries, wait for them to fly, search 'em at the border and find something suspicious.. now you can search the rest of their property.

"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

I'm sorry, but I see no text there that says "this applies to all effects except those that the government decides it doesn't apply to."

Interpreting something doesn't involve changing its original meaning completely (especially if it was clear in the first place). It involves deciding to the best of your ability what it was originally supposed to mean as closely as possible. It's not like the fourth amendment was indecipherable. It clearly explained what it was supposed to mean, and a laptop can obviously be categorized under "effects."

Do you really expect the founding fathers to have anticipated computing devices that can encrypt data? And to put that sort of thing in the constitution?

No, the authors of the constitution didn't anticipate everything. But they anticipated quite a bit, and that includes unanticipated technology and social issues. In order to give the government the ability to deal with change, the constitution contains article V, which is the portion that outlines the procedure for amendment. Excepting amendment, they expected the constitution to be followed. Not "interpreted."

Our government, however, has fiddled its way into a situation where it does whatever the heck it wants. Make no law? Let's make some law!!! No state religion? Let's print Christian stuff on the money, carve it into buildings, sing it in the anthem, and best of all, use it in the courts for swearing... that'll teach 'em. Shall not infringe? Yay, let's infringe! Regulate among the states? Let's regulate IN the states! No ex post facto laws? Oh *heck* no, we GOTTA make those! Enumerated powers? Nah, let's just do anything we want, the heck with that! Warrants to search? Um... only in the interior of the country. And even then, maybe not. Probable cause? That's the same as "We like to grope", isn't it? Sure! No double jeopardy? Oh, that's easy, we'll just toss them back and forth between the criminal and civil court systems, they'll never figure that one out! Trial by jury? Same as "Lock in closet indefinitely, no lawyer, no phone call, innit?" Cruel and unusual punishment... yeah, what was that awesome torture we hung the Axis defendants for using at the war crimes trials? Oh yeah, water-boarding... let's do THAT! (and let's not forget we have rendition to play with, either.) Excessive bail shall not be imposed... heck with that, we'll ask whatever we want! Powers reserved to the states? Bwahahahaha. Oh, and the article III kicker... judicial power in constitutional cases: nah... let's just Make Stuff Up and skip that whole article V inconvenience.*

(*) It should be noted that the USG has steadfastly avoided violating the 3rd amendment, and should certainly be commended for its restraint in this matter.

Here in the US (and England) we rely more on common law - yes, judges.

Here in the US, we have government that has usurped powers far outside the explicitly authorized bounds. And that most certainly includes the judiciary.

In the end, it turns out that what the authors of the constitution wrote matters very little in our current legal system, because that document is treated by the government as barely relevant at this point in time, and even at that, only when it is convenient. Otherwise they ignore it, make things up, or simply plow ahead regardless.

It should be noted that the USG has steadfastly avoided violating the 3rd amendment, and should certainly be commended for its restraint in this matter.

Except when it comes to installing spyware on people's computers - the cybernetic equivalent.

The point of "quartering troops" in people's homes was not just the seizure of the homeowners' resources to support the occupying army. It was also that the troops - living with the family, eating at their table, etc. - doubled as government spies scrutinizing all a

Do you really expect the founding fathers to have anticipated computing devices that can encrypt data?

And furthermore, there's a reason that the Founders didn't try to enumerate specific communications technologies: they figured (apparently incorrectly, given your statements) that we would be able to logically extend our legal system to accommodate new technology, without requiring the citizenry to give up hard-won civil liberties as enshrined in the Constitution. It looks like some people are just unable to grasp that "personal papers and effects" might, I mean, just might, include a personal computer, and that that would indeed be in the spirit of the Constitution.

Do you really, in your heart of hearts, believe that the Founding Fathers, if they were alive today, would consider a hard drive full of a citizen's personal and confidential files to be in any way less deserving of the same legal protections afforded someone's wallet or their file cabinet? Do you really? Or are you one of these people who believes that the government should have the right to snoop into anyone's private business, for any reason, because they might have something to hide?

Spare me. This artificial dichotomy that is being presented to us by the government, that the "Internet" and "computing" are so intrinsically different from printed materials that the Constitution some how magically doesn't apply is disingenuous at best, treasonous at worst.

The problem is not that computers are somehow different to papers.. if you were carrying papers across the border they'd be searched too. The problem is that, for some stupid reason, there's an exception to the 4th amendment around borders.. and that got extended into airports as being "effectively borders".. even when you're not flying international..

And what did people expect to happen? You exempt the government from honoring the 4th amendment in some "special" places that most people regularly visit.. you didn't expect them to apply common sense and decency did you?

Do you really, in your heart of hearts, believe that the Founding Fathers, if they were alive today, would consider a hard drive full of a citizen's personal and confidential files to be in any way less deserving of the same legal protections afforded someone's wallet or their file cabinet?

Although I agree with your conclusion, I am troubled by this style of reasoning because (a) anybody can imagine the founding fathers have any kind of reaction they'd want the founders to have to conditions unimaginable in the founder's lifetime; (b) it assumes the founders were of one mind on what "liberty" means, which they manifestly were not; and (c) it deifies the founders, as if they had some kind of privileged access to the truth which we don't have.

Oh, please. The constitution is a set of principles, which laws are then written to implement. I'm no fan of the federal government (I think they have whole agencies that are not allowed under the federal constitution), but your expectation that every last detail - indeed, in anticipation of every last future development - be in the constituion is absurd. Do you really expect the founding fathers to have anticipated computing devices that can encrypt data? And to put that sort of thing in the constitution? Get real.

Encryption has been around since the early days of war and the founders certainly knew about it and (IMHO) explicitly guaranteed it as a right protected by the 2nd amendment. Think about it: for most of human history, encryption was *only* used as a strategic / tactical device. It's always been a means by which you organized the deployment of soldiers. If 2A is intended to enabled a "well regulated militia", it must cover encryption.

If the government had to build giant platforms 10 miles out to sea and require all people entering to stop there before coming into the country so their stuff could be inspected, they would. The courts give them some leeway as a nod to the fact that would be ridiculous for people trying to come in.

The courts give them some leeway as a nod to the fact that would be ridiculous for people trying to come in.

The courts, in point of fact, allow warrentless searches anywhere within 100 miles of the border, regardless of if you are, were, or ever planned to traverse the border. 190 million US citizens live within this region. Also, it is worth noting that the "4th amendment border exclusion" principle appears nowhere in the constitution. It's invented, unauthorized law. If they wanted it, the legitimate path to it was through article V. Consequently, it represents (yet another) usurped power.

If the government had to build giant platforms 10 miles out to sea and require all people entering to stop there before coming into the country so their stuff could be inspected, they would. The courts give them some leeway as a nod to the fact that would be ridiculous for people trying to come in.

There is no rational justification for extending that "platform" to one hundred miles inland from the actual border.

As to "leeway", how about the recent case of a citizen of New Zealand who was flying direct to Canada. A mechanical emergency on the plane required it to land in Hawaii. All occupants were herded out into an open area in full sun, where they were required to stand for up to two hours while being interrogated, The citizen in question was, with all others, required to fill out a questionnaire including "Why do you want to enter the United States?", to which he responded, "I don't".

When he finally was allowed to have the questionnaire read, the TSA bitch gave him a hard time about his answer. He said, "I had no intention of entering the US -- the plane made a forced landing for reasons outside my control."

The bitch finally let him go.

Can anyone answer any of the following questions:

Why is not the "smartest nation on earth" not able to anticipate that a plane might have to make an emergency landing in the US?

Why were these people not simply sequestered outside of customs and allowed to reboard whatever plane was supplied for the rest of the trip?

Why were they treated worse than animals, with no shade or water? Even animals are protected by laws regarding reasonable maintenance. I know this because I have a relative who sends racing pigeons in crates to Hawaii, where they are released to race back to the mainland.

Why are passengers required to fill out all the bullshit when there is no intention to land in the US, just to perhaps fly OVER the tip of Maine.

What are the odds of a passenger on such a flight busting out of the plane and parachuting onto our glorious countryside?

I have to say that after my last trip (on business) to the USA, I would never consider it a suitable tourist destination for myself or my family.

From the moment I debarked the plane at LAX I very much felt that I (and everyone else) was being treated like a criminal.

How dare we (foreigners) enter the glorious US of A -- the most wonderful nation in all the world?

The gentleman who walked the very long queue of people waiting to clear immigration repeatedly threatened (not warned -- *threatened*) all those present with severe penalties if we didn't correctly fill out the forms he was handing out.

The official who inspected my passport didn't welcome me to the USA and invite me to enjoy my stay -- the treated me (and everyone else) with massive suspicion and contempt -- making it very clear that *they* had all the power and that I was a someone who ought to be eternally grateful for being allowed to enter the country.

Is that really the way to treat visitors?

And as for the latest usurping of citizens rights in respect to searches -- well I feel very sorry for the USA.

It is (although perhaps somewhat less-so these days) truly a great nation, built on principles of integrity and freedom. Unfortunately (as they say) "Power Corrupts" and it would appear that those in power have seized the opportunity to use terrorism as justification for unreasonably extending the degree of power they now exert over the people who elected them to *serve*.

Every day that the sacred provisions and protections of The Constitution are ignored by the US Government is another day on which the Islamic fundamentalists can claim another victory.

Instead of fighting on their feet, the citizens of the USA are now living on their knees -- having compromised the very principles (The Constitution) that made their nation so great.

Of course it *is* a democracy so perhaps those of you who are US citizens might want to think about exercising those democratic rights (before they too are taken from you in the name of "the war against terror" and installing a government who appreciates that the principles of The Constitution are still worth fighting for and that no bunch of Islamic fundamentalists should be allowed to usurp them by way of a campaign of terror.

Perhaps it's time for a referendum to allow the US people to decide whether the constitution should be abolished because right now, it appears that such an abolition is happening by stealth -- and by the time the people wake up to that fact, it may well be too late. The very rights this document bestows on citizens will be lost and thus even the power to protect those rights will have gone forever.

This has been litigated to death, and searches at the border, essentially without limit, have been deemed reasonable. Indeed, for a little bit inside the border, the same applies.

Here, in the USA, "a little bit" means 100 miles (160.9 kilometers) inside the border... 2 out of 3 Americans live within 100 miles of the border; No, it does not matter if you have crossed the border or not many of your constitutional rights are null and void in this zone [privacydigest.com].

Whatever happened to him in the mean time is OK so long as it reaches a satisfactory conclusion?

Most^H^H^H^H Some Slashdotters are smart enough to understand that the ends never justify the means, that this person was picked on, detained for 5 hours and subjected to an invasive search was _not_ all well and good because he got his laptop back.

In the end, I'd put good money on this person being picked up because he was coming in from the Dom Rep rather then because he was Moxie Marlinspike. The TSA likes to pick on single males coming in from potential sex tourism destinations, perhaps because it's the low hanging fruit. Bust a few guys coming back from the Philippines with some home made porn (a pic of a naked Pinay is not hard to get) and make it look like you're doing a great job, after all who would defend these dirty sex pests (they are probably all pedo's anyway). Incompetence rather then malice, but the end result is the same.

I would gladly submit to detention and interrogation for five hours if I were guaranteed some ice cream and a blow job in return. Given that fact, much like liberty and safety, I probably don't deserve either.

Basically, take a laptop with an easy to swap hard drive. Swap in a new drive, with a clean image, and no access credentials except to a temporary dropbox account for emergency mail and/or working set.

Now if you are intercepted, there is no data TO capture, and you can remove all but hardware/bios trojans by a wipe and reinstall.

As a bonus, you can just take out the drive, hand it to customs, and let them have fun with it.

Basically, take a laptop with an easy to swap hard drive. Swap in a new drive, with a clean image, and no access credentials except to a temporary dropbox account for emergency mail and/or working set.

Now if you are intercepted, there is no data TO capture, and you can remove all but hardware/bios trojans by a wipe and reinstall.

As a bonus, you can just take out the drive, hand it to customs, and let them have fun with it.

International corporations are already doing something quite similar to this. You carry an empty laptop with you - and download an encrypted "project package" at your destination to install any special software, and any data you need. You encrypt and upload your product data (if you need to bring it back at all) and run a program that wipes the laptop before return.

But of course spies, criminals and terrorists would never think of doing this.

Then get rid of your computer. Seriously, because something like that you aren't talking half-assed law enforcement agency (which is what CBP is) you are talking national intelligence agency that really, really, wants your shit. Well you think that the only time they could pull something like that is at an obvious stop? Not hardly. They could do it before you ever get your hardware. So you order a new motherboard, they intercept the motherboard in transit, replace it with one they've modified, and on it goe

Again I think it is geeks puffing their own egos. Please remember that there's a vast, VAST gulf between law enforcement wanting to harass some guy, and a national intelligence agency being willing to spend a lot of money to try and snoop on them in an extremely covert manner. Remember that for the NSA to get involved, they have to be willing to break the law. Law says NSA is foreign only in their intelligence gathering. They can monitor communications to and from foreign locations, or systems that are on foreign soil but that's it. No monitoring in the US. I'm not saying they obey that in all cases, but that is the law meaning that if they got evidence its usefulness in a criminal trial would be nil.

So for them to even be willing to do that, there has to be a good reason. Then you are talking about some serious money spent to develop this custom monitoring BIOS that is both undetectable, unflashable, and ready to deploy on the specific device(s) this guy has. Then after all that, the totally ruin the secrecy by a big fluff up at the border.

Really? Sorry, but pushes the bounds of credibility way too far for me.

Remember that in terms of covert surveillance the US law enforcement agencies can do that very well, they just need a warrant. They could then tap his communications, place cameras in his house, monitor with tempest, whatever they get a warrant for, and do it all covertly. Also any evidence obtained in that way is 100% legal, unlike evidence the NSA got.

So why the border thing? Because they've got shit. They aren't expending any massive resources because there's no evidence of anything. The NSA isn't going to spend millions to try and monitor some guy illegally for no reason. However no warrant or anything is needed at the border so they harass him. Doesn't cost anything (the agents are already there) and so on. Also didn't accomplish anything but there you go.

Sorry but I just can't support this massive ego complex so many geeks have of thinking they are so important that the government will go to extremely difficult, nefarious, lengths just to try and monitor them, all while doing it in an extremely incompetent fashion. No, they won't. You are not that important, nor that sneaky. If there's a real problem they'll get a warrant to monitor and/or search for the evidence needed.

Domestic only and foreign only agencies routinely track people for the other agencies.

Sorry but I just can't support this massive ego complex so many geeks have of thinking they are so important that the government will go to extremely difficult, nefarious, lengths just to try and monitor them, all while doing it in an extremely incompetent fashion. No, they won't. You are not that important, nor that sneaky. If there's a real problem they'l

I would never trust my hardware again once I had handed it over to some customs (or other government agent) goons, and it left my sight. I would rather just remove the hard drive and hand it alone over to them, at least then I wouldn't have to trash the whole thing.

There's really no way to be 100% sure you successfully "re-flashed" the BIOS, or cleaned all hardware as some posters have said they would do. Not to mention: There could be additional hardware installed, 5 hours is a long time...

You could tear your machine apart and inspect it all you want, but it's well known once the enemy has unfettered physical access to a device, all bets are off.

Paranoid much? Shit, you could say that about new hardware as well. How do you know the manufacturers didn't put some virus/trojan, inadvertently or maliciously, on the devices you bought (especially now that most of those devices are made in China)?

You don't just have to be paranoid about government interference to be worried when there's ordinary crime along the lines of the ordinary thefts that we already see.For instance the low paid TSA guys could be paid kickbacks to put keyloggers on there so that criminals can get credit card numbers. The lack of accountability would mean that it would be a very long time before somebody in that position would be caught even if there was a lot of evidence.Personally I think we should get rid of that entire knee-jerk reaction organisation and replace their security guard style workforce with professional law enforcement with a clear chain of command and true accountability as was recommended in the first place. We wouldn't need anywhere near as many people and it would not cost as much. The only downside is it takes time to train such a group. We've got time, we've already had seven years of the sort of security staff you have to prevent shoplifting.

Right, and if you read the CNET article he mentions that he's already disposed of all the checked hardware.

He also mentioned that the extra cost of hardware + embarrassment of missing meetings due to being detained and missing flights means his business is losing contracts and money, and he's thinking of refusing international clients. Maybe that's the government's goal.

>> embarrassment of missing meetings due to being detained and missing flights

As disgusting as this whole episode is, the detention probably works for him, rather than against him. I didn't know this guy's name until a few days ago. Additionally, how many people do you know who are such security studballs that the whole US Government is out to intercept them at every turn?

With the price of hardware these days it's hardly worth even getting it back. Once it's compromised; it's compromised.

I agree, once it's been in the hands of an adversary you just can't trust it any more. I would purchase a new laptop over the counter reload the encryption and restore from secure backup.

I had to do this recently after having a system stolen. Fortunately everything was switched off and demounted at the time but it has made me think about the possibility of running remote wipe software so tha

I travel to the US a lot for business. What I do is Fedex my "real" hdd to the hotel I'm planning on staying at, usually 1 day before travel to the US is enough for it to be there waiting for me when I arrive at check-in (obviously its an encrypted disk).

I travel with my laptop, with a small capacity hdd that has a clean install, some common oss apps installed, some bogus documents downloaded from scribed, some fake e-mail accounts with credentials saved in firefox and some typical surfing history. The aim is to make them feel like they've found the stuff they're looking for and that there isn't anything worth pursuing - rather than trying to be a smart-ass that makes them even more intent on performing those unwanted rectal examinations. I've had my laptop taken twice in the last 3 years, and on both occasions after providing access details, I was given the laptop back within 5-10mins, other people i know that tried to screw over the TSA/customs by not providing all the access details they wanted, ended up never seeing their machines again.

Though now with the new scanners at play in the airports, I'm trying to reduce my travel to the US to a minimum. If I have to travel, I charge a premium for the various inconveniences endured, most clients are sympathetic and pay without much fuss.

I What I do is Fedex my "real" hdd to the hotel I'm planning on staying at, usually 1 day before travel to the US is enough for it to be there waiting for me when I arrive at check-in (obviously its an encrypted disk).

I have traveled to the US on business a lot before 9/11 and a few times after 9/11. The difference in "security" is frightening . . . I'd call it "siege mentality." When the security folks look at my laptop, and I show them my company ID badge, that gets me passed through, no questions asked. But I have to wonder, what do you do if you work for Airbus, and

Bring your best laptop with you. Bring a cheapie that you don't mind losing. This way you don't have any real qualms about abandoning it when these ass-wipes pull this.Keep anything important on the machine, encrypted or otherwise. Have an internet dead-drop you can push things to before crossing borders.Leave anything important on the machine. Use a decent file shredder to eliminate it.

Generally, I agree with the mission of customs, inspect stuff coming into the country. But it does not take 5 hours to do so for some guys laptops and a person should not be required to hand over passwords to their own computers.

Regardless of how long it takes, there is no reason to search laptops at the border. Anyone truly interested in slyly transmitting data across the US border would never be foolish enough to accompany said data on the trip. It is _trivial_ to transmit data undetected into the US (nice to meet you, internet. how long have you been there?); what justification is there for searching laptops in the first place?

It is _trivial_ to transmit data undetected into the US (nice to meet you, internet. how long have you been there?); what justification is there for searching laptops in the first place?

But you have to transmit the data to something. One of the things they look for when searching a laptop are clues as to which server systems you've been logging into. If they see by your browser history, for example, that you regularly visit hotmail.com, you'll probably be asked to log into your e-mail account so they can look for things there. If they don't find too many documents on your computer, they'll ask where you store them and have you log in there, as well. So, while the laptop might not contain the illegal data, it might contain clues as to where the Customs officers may find them.

I brought a just an internal sata hard drive to Canada from the US, while in Canada I wiped it clean. On the way back into the US they stopped me for a few hours.. They seemed to not get the concept of bring just a hard drive, I think if it would have been an external drive they wouldn't have gave me so much grief. When I got home there were large files all over the drive.. I can only assume they did that to overwrite anything hidden on the drive, which there wasn't. I found it to be a long waste of time and the people to be a bit clueless.....

You know, you should have brought the HD to the authorities and explain that some terrorist mole at Customs had placed unknown files, probably containing steganographed information, on your drive for later "retrieval" by burglary and that you were rightfully afraid for your life because the terrorists obviously wouldn't be willing to leave any witnesses behind.
That would have been a giant hoot.

Uh, I don't know about you, but I would prefer to keep possession of my OTHER computer equipment. If you haven't realized already the authorities in most countries can seize "everything" given a good enough excuse.

When they figure out the truth, they could pretend to take you way more seriously than you ever want. And you would have given them the paperwork to cover their asses for it.

Perhaps you can do what you propose, then the rest of us can discuss the resulting story on Slashdot.

This gives me the idea of building a slightly custom drive. It's not hard to do, really; remove the platters and there's plenty of space inside, then just put a cable to the outside controller board, concealed under it. The first idea that comes to mind is a drive that happily accepts all write and erase commands, yet presents a read-only filesystem.. say, with a troll image.. or better yet a *different* filesystem each time it's powered. Have fun imaging that. If you want writable storage, it could do a straight log of what the intrusive party did to the drive. The technology is near identical to current hybrid hard drives.

Actually, you might try rigging up a USB adapter for those old RLL disks and then just using an RLL drive mailing the adapter to you at home. Let's see how long it takes them to figure out how to access that data. Or better yet, you'd be limited to a minute amount of data, but those old 8" floppy disks have to be hard to read these days.

I brought a just an internal sata hard drive to Canada from the US, while in Canada I wiped it clean. On the way back into the US they stopped me for a few hours.. When I got home there were large files all over the drive..

Sounds like one of three things:
1) They installed some spyware on it.
2) Their machine was virus-infested and infested your drive.
3) Your "wipe" was a remove rather than a reformat-with-surface-analysis and they ran an undelete utility. (Were those files your prev

***They are all under the umbrella of the Department of Homeland Security whose core mission is to annoy, harass, and humiliate law-abiding citizens while letting the crooks slip through the cracks. ***

Very dubious. The DHS clownshow shows little sign of being competent enough to identify crooks well enough to let them through. Sleep well tonight, terrorists have exactly the same chance of being harassed by the DHS as anyone else.

I would suggest entering (or exiting the US), have nothing on your HD/SSD but an OS with a few games/media player and a phone that empty and can be used once for a short time.
In that case, why carry a computer and phone at all?

To complete the ritual. No one hides daggers in sleeves any more, but we still shake hands as a greeting.

Once again, Customs is a legitimate and competent part of the government. The TSA is neither. Yes, they both fall under DHS. However, the Army Corp of Engineers and the NSA both fall under the DOD but are very different. Further, the TSA and Customs are regulated by different parts of the CFR. 19 CFR for Customs and 49 CFR for TSA. As in, you're wrong.

Really? So harassing someone and stealing their kit in the airport is "legitimate and competent"?

If someone *really* wanted to smuggle "illegal" data of some kind into the country, they wouldn't be daft enough to travel with it on their laptop. They'd encrypt it and email it to themselves; or upload it to a cloud storage service, or have a file server of their own to FTP it into; or dump it into some random usenet group; or any of probably a dozen other ways to move data witho

Call me paranoid, but either U.S. Customs/DHS is totally stupid, or smuggling data into the country physically is the only way to get it in without being noticed nowadays. Has anyone looked into the possibility that Echelon and it's progeny might be active after all? Maybe the NSA can, to a high degree of confidence, wade though all online data traveling across the U.S. backbones. If they can't, and it's really that easy to get data into the U.S. via the 'Net, then the searches of the laptops are either A)

That's not fair. From his Wikipedia [wikipedia.org] page he seems to be obsessed with finding ways to man in the middle SSL connections so he can present them at Black Hat conferences and allow people to commercialise the for as long as possible before they are fixed.

Where would we be as a society if that it were possible for people to make secure SSL connections to their banks for example? That would be a nightmarish world where it would be impossible to redistribute income from the first world bourgeoisie to more worthy informal entrepreneurs in impoverished countries like China, Eastern Europe or Nigeria.

I think he's doing socially very useful work. I'd recommend a prize for him, except he's probably not short of cash.

Furthermore, he was being searched by customs after returning from a know drug smuggling point.

Yes, because certain criminals use the Dominican Republic to trade drugs, it's completely reasonable to assume that this person was involved in such activities. After all, nobody would go there to experience the culture, the cuisine, or the wide, sandy, sun-drenched beaches.

However, let's not forget that this guy is an American. There's more drug trading and murder going on in the US than in the Dominican. Obviously that makes him a gun-toting, murdering, drug lord, like all other Americans. I've seen Breaking Bad. The world would no doubt be a safer place if we didn't let Americans get out of the US.

As for the second, please explain how in the fuck you get labeled a "white hat" for showing up at black hat conferences and showing everyone how to MITM SSL?

Black hats don't hold conferences (in meatspace). There's just a conference called Black Hat which, by the nature of information from the conference being made public, is actually a white hat conference. It actually started out as something closer to a true black hat conference but of course that didn't last long.

Black hats have their conferences in various chat rooms and forums. When they meet, you don't know about it.

What makes you think that something presented at Blackhat isn't after 90 days notice to the developer? That's often the case - the threat of revelation after some fixed time provides some minor incentive to care about the vulnerability.

But even if not, it merely starts a race between the app developer and the exploit developer. In the case of some popular open-source app, the app developers would win the race (because they care, and know the code better). Not the best approach, but far nicer than selling

It's about questioning authority. It's about unreasonableness. It's about personal liberty & heavy-handed government. It's about "give an inch and they'll take a yard." (There's more but I hope that's sufficient.)